rails controller test failing non-deterministicly wrt state leak (I think)
ruby-on-rails,testing,controller,strong-parameters
Turns out I needed to call @subscription.reload.
Strong params require works, but permit doesn't
ruby-on-rails,angularjs,strong-parameters
Looks like you have two problems First - This is odd def update project_id = update_params[:project] end Usually, it looks like def update project = Project.find(id) project.update_attributes(project_params) ... end private def project_params params.require(:project).permit(:technology, :team_member) end And second - your form isn't submitting the project params in the right format -...
Many to Many initializing relationship as default in Def New
ruby-on-rails-4,many-to-many,has-many-through,strong-parameters
you use a hidden field with the name item_ids[] and assign the item array to it.
Strong parameters in test issue
ruby-on-rails,ruby,strong-parameters
I've found it - it was because of quirky way I was creating checkboxes for HABTM = check_box_tag "user_setting[district_ids][#{district.id}]", district.id, user.settings.district_ids.include?(district.id) = label_tag "user_setting[district_ids][#{district.id}]", district.name For no particular reason I've inserted ids into params keys AND values. And because of that those were passed to params object as hash. In...
Rails 4 Strong Parameters access attribute
ruby-on-rails,strong-parameters,ruby-on-rails-4.1
According to docs Action Controller parameters are forbidden to be used in Active Model mass assignments until they have been whitelisted what means, you cant use them to create AR object, but you can still use your params to do some stuff with them, so you can simply format_branch_number(params[:equal_number], params[:equal_main_branch_number])...
Rails 4 strong params get permit from nested model
ruby-on-rails,ruby,ruby-on-rails-4,strong-parameters
Use a method defined inside ApplicationController, or a shared module: ApplicationController: class ApplicationController def contact_details_permitted_attributes [:id, :contactable_id, :contactable_type, ...] end end class ContactDetailsController < ApplicationController def contact_details_params params .require(contact_details) .permit(*contact_details_permitted_attributes) end end class OrganisationsController < ApplicationController def organisation_params params .require(:organisation) .permit(:org_reference, ...,...
strong_params removing id of accepts_nested_attributes_for models
ruby-on-rails,strong-parameters
Looks like this was because of an issue with Mongoid. The id I was passing in was a Moped::BSON::ObjectId, which strong_params refused to parse. I converted it to a string and everything was fine after that: params[:product_grid][:product_grid_locations_attributes].each { |location| location[:id] = location[:id].to_str } ...
Number_field_tag to create unique records for each item/ quantity
ruby-on-rails,forms,parameters,strong-parameters,form-helpers
OK I solved it. And I realized it was really simple... this is what happens when you work too long... the brain just stops Controller code: def create items_to_be_saved = [] inventory_params.each do |item, quantity| quantity = quantity.to_i quantity.times do items_to_be_saved << (:item_name => item ) end end if Inventory.create...
Strong parameters: Unpermitted parameters: tags in has_many_through relation
ruby,ruby-on-rails-4,strong-parameters
From docs Only permitted scalars pass the filter. ... passes params whose associated value is of type String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time, DateTime, StringIO, IO, ActionDispatch::Http::UploadedFile or Rack::Test::UploadedFile. Otherwise, the key :name is filtered out. You cannot convert tag array elements to AR objects before you permit...
Rails strong parameters datetime picker correct format for database
jquery,ruby-on-rails,date,datetime,strong-parameters
Within your Statistic model, you can change the entry_date attribute using the before_save method which will let you change the attribute before saving to the database, so that you don't need to worry about strong parameters. class Statistic < ActiveRecord::Base before_validation :set_entry_date def set_enty_date self.entry_date = DateTime.strptime(self.entry_date, "%m/%d/%Y").strftime("%Y/%m/%d") end end...
Best way to handle missing required params with StrongParameters?
ruby-on-rails,ruby-on-rails-4,strong-parameters
Figures that I find the answer immediately after posting my question. :) It looks like the ActionController::StrongParameters#fetch method does what's needed, e.g.: params.fetch(:upload, {}).permit(:filename) ...
declare value for strong parameters
ruby,ruby-on-rails-4,strong-parameters
Try the following code for your controller: class QuoteController < ApplicationController autocomplete :author, :name, :full => true autocomplete :Category, :title, :full => true def new @quotes = Quote.new end def create @quotes = Quote.new(quotesParams) @quotes.send_type = "web" @quotes.user_id = current_user.id if @quotes.save redirect_to root_url else redirect_to root_url end end private...
undefined method `permit' for “Submit Now! ”:String. Where am I going wrong?
ruby-on-rails-4,error-handling,strong-parameters
I can recognize the problem in the params. You have this: {"utf8"=>"✓", "authenticity_token"=>"######AAAA", "submit"=>"Submit Now! ", "project_id"=>"51"} You should have this: {"utf8"=>"✓", "authenticity_token"=>"######AAAA", "project_id"=>"51", "version"=>{"title"=>"Foo Bar"}, "button"=>""} The reason this is a problem is because you do not have a version title being passed in the params, and you are...
Raise forbidden attributes error in staging
ruby-on-rails,ruby-on-rails-4,strong-parameters
This behaviour can be changed by changing the config.action_controller.action_on_unpermitted_parameters property in your environment files. If set to :log the unpermitted attributes will be logged, if set to :raise an exception will be raised. https://github.com/rails/strong_parameters...
Save a JSON array to database in rails with strong_params
ruby-on-rails,json,strong-parameters
It's because signature is not inside the user attributes. You have: { "first_name" => "Jackson", "last_name" => "Cunningham", // etc. }, "signature" => "asasfafsafs" But what you actually want is: { "first_name" => "Jackson", "last_name" => "Cunningham", "signature" => "asasfafsafs", // etc. } So in your HTML form, you should...
Error: Unpermitted parameters with nested attributes
ruby-on-rails,ruby-on-rails-4,nested-forms,nested-attributes,strong-parameters
The usual way to do the above would be Controller def new @incorporation = Incorporation.new @company = @incorporation.build_company and in your view <%= form_for @incorporation do |f| %> <div class="panel-body"> <%= f.text_field :title, input_html: { class: 'form-control' } %> <h3>TEST</h3> <%= f.fields_for :company do |company| %> <%= company.text_field :name, input_html:...
Rails + Mongoid + Strong Parms failure
ruby-on-rails-4,strong-parameters,mongoid4
First off you don't need to restart the rails server for any of the changes you've described. The error you're getting just means that params[:user] is empty (or missing). If you check your development.log you'll see that params[:name] is set instead. This is because you've used text_field_tag, which doesn't name...
Add Multiple Nested Attributes through checkboxes Rails 4 (maybe with multiple forms)
ruby-on-rails,forms,checkbox,nested-attributes,strong-parameters
I haven't been able to test this code myself, but I have implemented similar code, so the ideas should be correct. The trick here is using each_with_index, and then passing that index to your fields_for call. This way the each additional milestone_id that you add via a checkbox will be...
Rspec Strong Parameter stripping out params
ruby-on-rails,rspec,strong-parameters
Update your okay_params definition as: # app/controllers/providers_controller.rb def okay_params params.require(:admin_provider).permit(:name) end Then your spec: it "creates a new Provider" do expect { post :create, {:admin_provider => {:name => "foo bar"}}, valid_session }.to change(Provider, :count).by(1) end ...
Updating Strong Params - Stripe and Rails 4
ruby-on-rails,ruby,ruby-on-rails-4,stripe-payments,strong-parameters
It should be like this payment_params[:stripe_token] = charge.id @payment = Payment.new(payment_params) respond_to do |format| if @payment.save And you will have this method private in controller private def payment_params params.require(:payment).permit(:payment, :stripe_token) end Please refers rails 4 strong parameter tutorial if you are not aware of it. you can do it with...
Rails 4 Nested Attributes with fields_for Don't Save to Database
checkbox,ruby-on-rails-4,nested-attributes,strong-parameters,fields-for
Update venue_params method as below: def venue_params params.require(:venue).permit( :name,:address,:city,:state,:zip, parkings_attributes: [:id, :venue_id, :none, :street_free]) end Notice parkings_attributes(plural parkings) and not parking_attributes(singular parking). As you have 1-M relationship between Venue and Parking model you would receive parkings_attributes(plural parkings) in params hash BUT in your current code for venue_params you whitelisted parking_attributes(singular...
Rails - Nested Strong parameters
ruby-on-rails,nested-attributes,strong-parameters
use the singular profile_attributes if it's a has_one
has_one nested attributes not saving
ruby-on-rails,ruby,rails-activerecord,model-associations,strong-parameters
Solution You need to change few things here. Firstly: = simple_fields_for @project.project_pipeline do |i| When you pass the object, rails have no idea it is to be associated with the parent object and as a result will create a field named project[project_pipeline] instead of project[project_pipeline_attributes]. Instead you need to pass...
Devise not saving parameters that are already sanitized in App Controller Rails 4
ruby-on-rails,devise,registration,strong-parameters
Currently, you have redefined the method configure_permitted_parameters, which is why Ruby is picking the latest method definition i.e., the one which whitelists attributes for account_update. So, when you try to sign_up with custom attribute name, you would receive Unpermitted parameters: name warning as because of the overwriting the method configure_permitted_parameters,...
Rails 4 strong parameters with custom nested attributes name
ruby-on-rails,json,strong-parameters
Just alter your params before it's called/used by any of your actions: before_action do params[:special_settings_attributes] ||= params.delete :special_settings end ...
Working with Rails arrays in Postgres
ruby-on-rails,postgresql,ruby-on-rails-4,strong-parameters,ruby-on-rails-4.1
Yeah, Rails postgres Arrays are still a bit wonky. Hstore is a bit easier. You may be better served going thru a virtual attribute and doing what you want expressly rather than relying on standard rails behavior through a form. eg. def content_member=(member) unless member.blank? self.content_will_change! self.content[member.keys.first.to_i] = member.values.first end...
Value whitelist using strong parameters in Rails 4
ruby-on-rails,ruby,ruby-on-rails-4,strong-parameters
Quick answer No! Strong parameters only let you to filter keys from a hash regardless of the value they have. Long answer No! But as it was pointed out in comments, your best solution is to use validations: class MyModel < ActiveRecord::Base validates :value, inclusion: { in: [1,2,3] } end...
Assign parameters with strong parameters and nested models in rails 4
ruby-on-rails,forms,rails-activerecord,nested-attributes,strong-parameters
The problem, I would say, is that you are using a text_field input for category and sub_category. In order for this to work, you should use a select field and then provide another way in the UI to create categories and sub_categories. Replacing f.text_field :subcategory with (and removing the :category...
config.active_record.whitelist_attributes = false in Rails 4.2 App
ruby-on-rails-3,ruby-on-rails-4,strong-parameters
I've looked through several rails 4 apps I have, none of them contained that config, and when I googled the config name, the protected_attributes gem came in the results, so I think you could assume that it's only related to the protected_attributes gem and that you don't need it
Rails for Zombies Level 4 Exercise 3 (WITH Rails 4 Strong Parameters)
ruby-on-rails,ruby,ruby-on-rails-4,strong-parameters,rails-for-zombies
the method zombie_params filters the parameters correctly. But you're not using that method when you create the Zombie object. Instead of doing @zombie = Zombie.create(params[:zombie]) use the method @zombie = Zombie.create(zombie_params) ...
Why are user attributes unpermitted on invitations controller but no other user controller?
ruby-on-rails,ruby-on-rails-4,parameters,devise,strong-parameters
I created a standalone invitations_controller and I added this to the bottom of it: def update_sanitized_params devise_parameter_sanitizer.for(:accept_invitation) do |u| u.permit(:first_name, :last_name, :password, :password_confirmation, :invitation_token, :invitation_relation,:avatar, :avatar_cache, :relation, :gender) end end And that seems to have solved it....
Upload single file via paperclip fails with unpermitted parameters
ruby-on-rails-4,paperclip,strong-parameters
In your update method you are not actually using your permitted_params method. The only attribute you permit is :name. You should change this method to allow logo also: def update if resource.update_attributes(params[:account].permit(:name, :logo)) ... ...
Building a simple calculator form in Rails 4
ruby-on-rails,ruby,ruby-on-rails-4,activerecord,strong-parameters
You should keep in mind that Rails is not only about MVC. You can create your custom classes, and use them in a model, or a controller. In this case, you could create a Calculator class inside app/lib and use it inside your controller. For example: # app/lib/calculator.rb class Calculator...
has_secure_password doesnt work on JSON but it does when form for
json,ruby-on-rails-4,strong-parameters
Looks like this issue has to do with Parameter Wrapping http://api.rubyonrails.org/classes/ActionController/ParamsWrapper.html Since your json parameters are not under a root node (and you probably have parameter wrapping turned on in config/initializers/wrap_parameters.rb), the fields are automatically being wrapped in an root with the same name as the controller (user). Since password...
Rails Strong Parameters for an API
ruby-on-rails,ember.js,ember-data,strong-parameters
The problem here was I had the ember controller set up like this: New = Ember.Controller.extend actions: createProject: -> @store.createRecord 'project', name: @get('name') This appeared to be fine, however when name wasn't filled out in the form template, it would be undefined and wouldn't be sent. I was able to...
Rails 4 - ActiveModel::ForbiddenAttributesError
ruby-on-rails,ruby-on-rails-4,strong-parameters
You just need to use message_params instead of params[:message]: @message = Message.new(message_params) ...
Rails POST to API Not Working
ruby-on-rails,api,ruby-on-rails-4,titanium,strong-parameters
You don't actually need to use permit at all here def valid_login? ApiAuthenticator.new(user,params[:password]).valid? end def user @user ||= User.find_by(email: params[:email]) end permit is only useful when you are doing mass assignment, ie things like User.create(params[:user])...
Rails 4 Polymorphic Image uploads with Paperclip not working for all models
ruby-on-rails-4,paperclip,polymorphic-associations,strong-parameters
After weeks of banging my head against a wall...I solved it...but I feel like an idiot. I'm leaving it here for anyone else who runs across this problem. It turns out I didn't quite understand the syntax to nest strong-params. By closing the nested attributes for production artists and venues...
How does params[:id] not throw an exception even if we do not explicitly whitelist :id?
ruby-on-rails,strong-parameters
See: http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters "With strong parameters, Action Controller parameters are forbidden to be used in Active Model mass assignments until they have been whitelisted." Doing a find is completely valid, and is, in fact, shown in the example in the documentation linked to, above....
ActiveModel::ForbiddenAttributes error
ruby-on-rails,ruby,ruby-on-rails-3,strong-parameters
It's a problem with cancan gem. I tried the below skip_load_resource. It's working now. load_and_authorize_resource skip_load_resource only: [:create] ...
rails4 fail creating relation can't write unknown attribute
ruby-on-rails-4,strong-parameters
In has_many relationship within your User model, you need to specify the foreign_key as the default value is user_id. The following should work: class User < ActiveRecord::Base has_many :host_parties, class_name: Party, foreign_key: :host_id end ...
Strong parameters with Active Admin: no implicit conversion of Symbol into Integer
ruby-on-rails,activeadmin,strong-parameters
A shorter version of Andrey Deineko permit_params do params = [:region, :name, :contact_details, :province_id, :status_id, :start_date] params.delete(:region) if action_name == 'update' params end console output: 2.1.5 :021 > params = [:region, :name, :contact_details, :province_id, :status_id, :start_date] => [:region, :name, :contact_details, :province_id, :status_id, :start_date] 2.1.5 :022 > params.delete(:region) => :region 2.1.5...
ParameterMissing when a parameter is empty in Rails
ruby-on-rails,strong-parameters
Because this is how .require works. See the API: http://edgeapi.rubyonrails.org/classes/ActionController/Parameters.html#method-i-require Rails isn't ensuring that the key exists but, rather, that there are parameters .present? for this key. The source for .require helps elucidate this: # File actionpack/lib/action_controller/metal/strong_parameters.rb, line 182 def require(key) self[key].presence || raise(ParameterMissing.new(key)) end And {}.present? # => false....
Rails 4 error: ActionController::ParameterMissing in UsersController#update, param not found: user
ruby-on-rails,ruby,strong-parameters
This is because you are not nesting the params inside "user" key. The .require(:user) is looking for a hash like this: {"user"=>{params}} The form is not correct, you have to add the user key before sending it. <%= form_for @user, url: {action: "update"} do |f| %> #form items. <%= f.submit...
undefined local variable or method `availability_params' for # [closed]
ruby-on-rails,ruby,strong-parameters
You got a typo in the method name. It should be def availability_params rather than def availabilty_params.
Is there a way to pass a block to update_attributes?
ruby-on-rails,ruby-on-rails-4,strong-parameters
You should do this in the model, not the controller. Using virtual attributes you can ensure that setting either height_feet or height_inches will update height with the correct value, and vice versa: class User < ActiveRecord::Base attr_reader :height_feet, :height_inches def height_feet=(feet) @height_feet = feet.present? ? feet.to_i : feet assign_height_from_feet_inches! end...
Strong Parameters for Nested has_one Association
ruby-on-rails,ruby,ruby-on-rails-4,strong-parameters
Change "grid_size" to "grid_size_attributes" in your POST body. If you want to continue to use "grid_size", update your crossword_params method: def crossword_params params[:crossword][:grid_size_attributes] = params[:crossword][:grid_size] if params[:crossword][:grid_size] # NOTE :grid_size removed! params.require(:crossword).permit(:title, grid_size_attributes: [:rows, :columns]) end ...
Rails 4 Require and Permit Multiple
ruby-on-rails,ruby,rest,strong-parameters,json-api
To the best of my knowledge, I think the way to go is, that you only permit parameters in your controller, and then you perform attribute-validation in your model instead of directly in the controller on the parameters. Strong parameters are only there to secure, that some ill-intended person does...
Rails 4 strong params confusion
ruby-on-rails,ruby,ruby-on-rails-4,strong-parameters
It should be params.require(:order) and not params.permit(:order) Check this out in Rails Docs : Action Controller Parameters Your code should look like: params = ActionController::Parameters.new({ order: { shipping_method: '03', line_items_attributes: [{ sale_id: "12847", qty: "12" }] } }) and after that params.require(:order).permit( :shipping_method, { line_items_attributes: [ :sale_id, :qty, ] }...
Rails 4 - Unpermitted Paramaters - Deeply nested attributes form not saving
ruby-on-rails,ruby-on-rails-4,nested-forms,strong-parameters
Solution: I changed this line in the quizzes_controller from @quiz.questions.build to 2.times { @quiz.questions.build } and it fixed the issue. Not really sure why it works now, but it does. Any explanation as to why would be really appreciated! def new @video = Video.find(params[:video_id]) @quiz = @video.build_quiz 2.times { @quiz.questions.build...
What parameters does Rails expect for editing nested models?
ruby-on-rails,nested-forms,strong-parameters
I found the solution (after adding some debugging code in desperation and seeing my test suddenly pass!). For some reason, in the controller, loading the parent did not also load the existing children fully, so the new children were being incorrectly recognised. Changing the controller code to this: def update...
Rails 4: Link tag that creates a record doesn't work with strong params
ruby-on-rails,ruby-on-rails-4,strong-parameters
If you are not using the post params and the params can't change, don't use strong params. Just catch the content of the params you need and create the post. def new_post_from_button @post = Post.create(user_id: params[:user_id], title: params[:title]) end As an alternative just remove the .require from the permits method....
Rails 4 Nested Array in Nested Object in Strong Parameters
ruby-on-rails,json,polygon,geojson,strong-parameters
I solved it now like this. Please correct me! :) params.require(:contribution).permit( :title, :description, features_attributes: [ { geojson: [ :type, { geometry: [ :type, { coordinates: [] }, coordinates: [] ] } ] } ] ).tap do |whitelisted| whitelisted['features_attributes'].try(:each_index) do |i| whitelisted['features_attributes'][i]['geojson']['geometry']['coordinates'] = params['contribution']['features_attributes'][i]['geojson']['geometry']['coordinates'] end end ...
What makes a rails param?
ruby-on-rails,activerecord,model-view-controller,rails-activerecord,strong-parameters
The params available in your controller are merely the result of the names of the fields in the form in the browser. The names of the fields in the form follow a convention that Rails has created using the form helper functions that you are using in your views. When...
Validating parameters to create a class, parameters created in the controller arn't being added.
ruby-on-rails,ruby,parameters,strong-parameters
You're calling create with the time_delta_params that isn't going to contain the tweetRatings data. You would need to do something like params['time_delta'][:final] = tweetRating[:finalRating]. You could also call create and create your hash there or rename the values in the tweetRatings hash to match what is in the model.
Ruby on Rails parameter not being saved on database
ruby-on-rails,database,strong-parameters
You are using select_tag that's why "search_column1"=>"aa_code" appears outside the parameters to the database., if you use select it will go in the customer_task hash. Change your select_tag to: <%= f.select :search_column1, options_for_select(Customer.translated_searchable_columns, params[:search_column1]), :include_blank => true %> ...
How to permit custom params using strong parametes gem?
ruby-on-rails,ruby,ruby-on-rails-3,strong-parameters
I fixed the issue as follows.. params.require(:js_data_entry)[0].permit(:data_entry=>[:node_id, :field_type, :name, :location, :rank, :multi, :must_fill, :update_db, :select_db, :role=>[], :options_attributes=>[:option_value]], :js_editor=>[:field_id,:field_class,:js_code]) ...
Rails4 Mongoid inheritance + Strong Paramters +Nested attributes
inheritance,ruby-on-rails-4,mongoid,nested-attributes,strong-parameters
as a workaround in the mongoid gem (version 4.0.0) in the file lib/mongoid/relations/builders/nested_attributes/many.rb I changed the creation of the object in the method process_attributes at line 109 to be klass = attrs[:_type].try(:constantize) || metadata.klass existing.push(Factory.build(klass, attrs)) unless destroyable?(attrs) instead of existing.push(Factory.build(metadata.klass, attrs)) unless destroyable?(attrs) and this solved my problem....
Unpermitted parameters - Rails 4.1.1, Ruby 2.1.2
ruby,ruby-on-rails-4,nested-attributes,strong-parameters
The problem is this line order_row_attributes.It should be order_rows_attributes. And with the date not being permitted,try changing the date attribute to some name like order_date. This should work private def order_params params.require(:order).permit(:customer_id, :order_date, :total, :order_rows_attributes => [:description, :quantity, :price, :order_id]) end ...
Rails strong params with “dot” in name
ruby-on-rails,ruby,ruby-on-rails-4,strong-parameters
I think it's just failing to permit it because you've got a collection and you're telling it to permit a single value parameter. If you use: params.permit(:'dictionary_objects.id' => []) then all should be well....
Rails 4 error “param is missing or the value is empty:” in create
ruby-on-rails,ruby,ruby-on-rails-4,strong-parameters
You have required params[:name], but the actual params are params[:topgem][:name]. Change your topgem_params method to params.require(:topgem). permit( :name, :url, :description, :downloads, :last_updated ) ...
Not sure why the VIEW does't work: Rails 4 nested attributes and has_many :through associaton in a form
ruby-on-rails-4,rails-activerecord,nested-forms,has-many-through,strong-parameters
First things first - if you're not seeing the form elements appear, it's because you've not got it set up correctly in the backend. For the longest time, I tried to set this up and was getting very frustrated that the embedded form would not appear. It wasn't until I...
Creating multiple objects with one http request
ruby-on-rails,activerecord,strong-parameters
I would see it as a new controller method something like: def multi_create render json: customer.errors, status: 422 and return unless params[:customers] all_created = true customers = [] params[:customers].each do |customer_params| customer = Customer.create(name: customer_params[:name], city: customer_params[:city]) customers << customer all_created &&= customer.valid? end if all_created render json: customers, status:...
Inexplicable unpermitted parameters error in Rails 4 nested form
ruby-on-rails-4,strong-parameters
Your nested form doesn't work with has_many because it is singluar. You want to use f.fields_for :teams do instead (plural). Please try the following changes: project_controller.rb def new @project = Project.new @project.teams.build end [...] private [...] # Never trust parameters from the scary internet, only allow the white list through....
accepts_nested_attributes_for creating duplicates
ruby-on-rails,ruby,ruby-on-rails-4,rubygems,strong-parameters
Your params: params = {"utf8"=>"✓" "article"=> { "data_id"=>"dfe9e32c-3e7c-4b33-96b6-53b123d70e7a", "name"=>"Mass", "description"=>"mass", "status"=>"active", "volume"=>"dfg", "issue"=>"srf", "iscode"=>"sdg", "image"=>{"title"=>"", "caption"=>"", "root_image_id"=>""}, "article_collections_attributes"=> [ {"name"=>"abcd", "type"=>"Special", "description"=>"content ","ordering_type"=>""} ] }, "commit"=>"Save", "id"=>"b8c8ad67-9b98-4705-8b01-8c3f00e55919"} You...
How to implement strong parameters in Rails 4
ruby-on-rails,ruby,ruby-on-rails-4,strong-parameters
strong_params are usually done in the controller, not in the model. it's also described like this in the api. so, there's also no need for you to set attr_accesible. this way different controllers can also set different fields on a model, e.g. a backend users controller could be allowed to...
Rails 4.1.8 “blog” posts not saving text or title when using strong parameters
ruby-on-rails,ruby-on-rails-4,strong-parameters
uncomment your request/permit line in post_params and actually add the param names into it def post_params params.require(:post).permit(:title, :body, :category_id, :author_id) end That is why you are getting no data in your posts - because you aren't getting any data out of params anymore. If the permit/require line is causing a...
Strong parameters
ruby-on-rails,has-many-through,strong-parameters
The kind of mass assignment that leads to vulnerabilities is when you are doing: User.create(params[:user]) And then a malicous user would pass { user: { name: 'Haxxor', admin: true }} and your entire app is compromised. Up until Rails 4, Rails would happily let you do that. There is no...
Rails 4 mass assign array of objects
ruby-on-rails,ruby-on-rails-4,strong-parameters
Found the issue. For any one struggling with same issue. It should be. if a_params a_params['attr'].each do |param,index| a = A.new(param) end end ...
Unsatisfiable strong params when using button_to for an update action
ruby-on-rails-4,strong-parameters
I was able to finally resolve this based on the information in this thread. Instead of placing the parameters in their own hash as another argument to button_to, I included them inside of the call to the plan_path method. The first argument needs to be the model's ID, and the...
Strong Params Unpermitted parameters
ruby,ruby-on-rails-4,crud,strong-parameters
The main problem here is that if you have model named 'action', your params by default will be named in the same way, which collides with ActionController default params. The simplest solution is, I guess, renaming your model.
Rails 4 nested strong parameters throwing unpermited parameters error
ruby-on-rails,strong-parameters
The issue relates to this line in the form: f.fields_for @address do |t| And this line in the controller (showing the full method so we are all on the same page): def new @organisation = Organisation.new @address = Address.new # This line, specifically respond_with(@organisation) end The problem is that you're...
Rails 4, Strong Parameters, Unpermitted parameters on fields belonging to associated model
ruby,ruby-on-rails-4,strong-parameters
You need to change this line = f.fields_for @adoption_request.person do |owner_fields| to = f.fields_for :person do |owner_fields| ...
Using Simple Form to update to-do list task on click
ruby-on-rails,simple-form,strong-parameters,wice-grid
I used a partial and somehow the Complete function works now: g.column do |task| render partial: 'complete_task', locals: {item: task} end ...